
Remove DuRPC. Description and removal instructions
This virus is also known as Du Remote PC. It originated in June 2000. A Remote Administration Tool (RAT) is a special kind of hacker
spyware, used for remote access to and control of other people's
computers. The attacker infects the PC via e-mail or File and Print
Sharing. A "server" on the infected PC allows him to connect via a "client" on his own
machine. The functions of a RAT may vary, depending on the needs of the
hacker. The server of this program is visible or Taskbar. The
programming language is Delphi.
From the publisher:
"Du Remote PC (DuRPC.exe) Manual
This program is FREEWARE, and fully functional. Options for a
non-freeware version described below.
DuRPC allows you to interact with the desktop of any PC running DuRPC
in server mode using any TCP/IP (internet or LAN) connection, presumed
you know the correct password on- and IP address or hostname of this
server.
Now you can remotely control your internet server, second computer,
print server; helpdesk a client computer; save a second monitor or
whatever!
Minimum system requirement:
TCP/IP connection to another PC running DuRPC, LAN or Internet.
Microsoft Windows 32-bit or compatible platform (Win 9x, NT4, 2000,
Millennium; not 3.1x or NT3.5x (or lower!)).
33k6 modem or better, Pentium 90 or better. 56K modem, Pentium 266 or
better recommended on both sides.
Advantages
Control multiple PC's with only one monitor, keyboard and mouse, even
over the internet.
Guarantees a decent connection, even by telephone line.
Reduces network resource use.
Stable.
Easy to use.
Secure logon protocol. Password is protected, and never goes over the
network.
No backdoors.
Freeware!
Disadvantages
Consumes loads of processor power if available. Other applications or
services get priority though!
Version
This is DuRPC beta 0.2
Automatic update - if an executable with a higher version number
(DuRPCxxx) than the current running is placed into the same folder, the
new executable will be started automatically within 2 minutes, running
in server mode and using the current known password. Connection to remote
client will be lost; if connected, one has to reconnect again. This
allows you to update the server version remotely. We try to keep (no
promises) DuRPC downward compatible, i.e. the client can run a higher
version number than the server. Not vice versa.
This version is not yet fully completed. Things to improve are:
Better screen analysis and change prediction
Nicer screenbuild for the user.
Keyboard input: only lower case allowed by now... working on.
Compression on transferred data (note that with a modem connection,
modem protocol will do perfect compression! up to 12 Kb/s with 33K6
modem seems possible).
Limitations
Double clicking - one sometimes has to double click rather fast to make
sure commands are sent in the same network packet.
Colors - for transmitting a false color palette with 8-bit depth is
used. Therefore, colors are 'rounded' for the nearest 8-bit color.
Keyboard - not all characters are sent, [CTRL][ALT][DEL] combination
for example, or [ALT][F4] (which will in fact close your client
window).
Short how-to instructions:
Start the application on two computers, hit 'serve' on one computer and
enter a password.
Enter the IP address or hostname of this very computer into the edit box
of DuRPC on the other end and hit connect. If one gets no response
within a few seconds just try to connect again. Make sure the hostname
or IP address is entered correctly, that you use the correct password,
and that both sides run the same version of DuRPC.
Make sure the clock is running the same time, and that both PC's are in
the same time-zone!! (OR: adjust both clocks to GMT for example). This
for inherent password security.
DuRPC hides automatically when in server mode and gets connected. One
can gain control by clicking the tray-bar icon (near the time
indication).
Parameters
On startup one can give optional parameters, most likely either two or
none.
DuRPC.exe [serve [password] ]
Use the word 'serve' to let DuRPC serve immediately. Enter the password
as second parameter. So a typical startup would be:
durpc serve secret
One could of course (manually) make a link to durpc.exe in your startup
folder.
Security
Every hour, a new set of 70 20-byte logon sets is available. A client
just randomly picks one, the server checks to see if it's in range. If
it is, a connection can be established. Based on time and password, the
client can generate a unique code. The time factor is built in to make
sure any logon is a unique one. The server also keeps track of
used logons, and will never allow a connection with the same logon
again. This is to avoid someone capturing a network packet and logging on
with the same code. The code is based on the password, and will always
be unique. Therefore the password is the essential key to logon. With
this procedure, we avoided a hard client-server interaction to
validate. We also avoided sending your password over the network.
And we avoided logging on with captured information. The only time this
might fail is on a spontaneous reboot of the system, which with a good
OS will hardly occur except with a power failure. DuRPC is NOT a service.
Therefore, machines that run a server OS and need manual logon to the
desktop are inherently secure. Only machines which automatically reboot AND
automatically log on to the desktop AND automatically start DuRPC are
potentially insecure for a maximum period of one hour after the latest
crash (which is needed to be insecure).
Based on your password and the time, the computer renders a unique hash
and sends that to the server. This hash can only be used once. The
server calculates, based on the password and time, correct answers.
This way, any logon sent is unique.
To log on without knowing the correct password is almost impossible.
Capturing network packets and analyzing them, thus someone viewing screen
data, might in fact be possible, but controlling a PC without knowing
the password is not.
Presumed no one disassembles this code and makes sense out of it and
captures a logon packet of you and lets a password generator produce
billions of passwords to find the matching one... chances for a hacker
to find a correct logon are 1 in 2.0886E46.
This would take a hacker probably beyond long after our very own sun
has given up burning.
USE @ YOUR OWN RISK. we think it's safe but WE'RE NOT RESPONSIBLE FOR
ANYTHING.
Faq
Q: I set DuRPC in 'serve' mode and connected to localhost. Then the
application hides. How can I regain control?
A: The traybar icon of DuRPC allows you to control the state of DuRPC.
Q: Why does DuRPC hide when serving?
A: This has to do with a nasty Windows thing: if one remotely would
like to move the application (holding mouse down at the blue bar) the
mouse-events would get in an endless loop.
Q: Could I better use PC-Anywhere or another (commercial) product?
A: Yes, you could. There are also several freeware desktop-sharing
programs for Windows and for Linux. PC-Anywhere though has the nasty
bug to be able to let your entire NT sy"
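The logon scheme from the manual's Security section, sketched as an added example (not DuRPC's code, which this page does not show). HMAC-SHA1 over an hour counter stands in for the unspecified 20-byte derivation, and `hour_codes`, `client_logon`, `Server` and the sample timestamp are hypothetical. It shows replay rejection, the clock-sync requirement and the reboot window the manual concedes.

```python
import hashlib
import hmac
import secrets

SETS_PER_HOUR = 70  # "70 20-byte log on sets" per hour, per the manual


def hour_codes(password: str, now: float) -> list:
    """Codes valid in the clock hour containing `now` (epoch seconds).

    ASSUMPTION: HMAC-SHA1(password, "hour:index") is a stand-in; the manual
    only says the 20-byte codes depend on password and time.
    """
    hour = int(now // 3600)
    return [hmac.new(password.encode(), f"{hour}:{i}".encode(),
                     hashlib.sha1).digest() for i in range(SETS_PER_HOUR)]


def client_logon(password: str, now: float) -> bytes:
    """Client picks one of the hour's codes at random; no password on the wire."""
    return secrets.choice(hour_codes(password, now))


class Server:
    def __init__(self, password: str):
        self.password = password
        self.used = set()  # replay cache lives in memory only (not a service)

    def accept(self, code: bytes, now: float) -> bool:
        valid = any(hmac.compare_digest(code, c)
                    for c in hour_codes(self.password, now))
        if not valid or code in self.used:
            return False
        self.used.add(code)
        return True


def demo() -> dict:
    t = 1_000_000 * 3600 + 120  # constructed timestamp, two minutes into an hour
    srv, code = Server("secret"), client_logon("secret", t)
    out = {"first": srv.accept(code, t),
           "replay": srv.accept(code, t + 60),
           "wrong_password": srv.accept(client_logon("guess", t), t),
           "client_clock_1h_ahead": srv.accept(client_logon("secret", t + 3600), t)}
    rebooted = Server("secret")  # crash + auto-restart: replay cache is empty
    out["replay_after_reboot"] = rebooted.accept(code, t + 600)
    out["replay_next_hour"] = Server("secret").accept(code, t + 3600)
    return out
```

`replay_after_reboot` comes back `True`: a restart empties the in-memory replay cache, so a captured code works again until its hour ends, which is the one-hour exposure the manual describes.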
DuRPC properties: • Allows remote user connection • Hides from the user • Stays resident in background
Information added: 20/03/05
Information updated: 20/03/05